
One of the nastiest little tricks of nasty little governments is to hide new laws that they don’t want us to know about in popular laws that we all welcome. All governments do it — and the latest example is being done to us in Canada.

The Bill is C-13. It is called the Protecting Canadians from Online Crime Act — but has been sold to the people as the anti-cyberbullying law. Everybody agrees with the need for laws against cyberbullying and the practice of ‘revenge porn’ that frequently lies behind it. That’s the public face of C-13.

The government says,

This enactment amends the Criminal Code to provide, most notably, for

(a) a new offence of non-consensual distribution of intimate images as well as complementary amendments to authorize the removal of such images from the Internet and the recovery of expenses incurred to obtain the removal of such images, the forfeiture of property used in the commission of the offence, a recognizance order to be… (Bill C-13)

But you know there are problems when the mother of a victim of cyberbullying stands up and says, this is wrong. Carol Todd (whose daughter, Amanda, took her own life) wants the public face of C-13; but is worried about what lies beneath — the hidden face of C-13. That hidden face is all about providing the authorities with personal information on demand without a judicial warrant.

Todd wants emotional issues like cyberbullying to be kept separate from contentious issues like information sharing.

The government swiftly rejected Todd’s proposal, in keeping with its pattern of linking the two issues, likely because the Conservatives know that the only way to get the public to swallow unacceptable intrusions into our privacy is by linking them to child protection. (Feds slyly expand power to invade privacy)

That’s what C-13 is really about — making it easier for government officials to obtain users’ personal data from the telcos. But it does it more subtly than the earlier controversial and contentious C-30. At that time, the proposal was that the telcos would have to hand over data on demand. This one doesn’t do that — it simply provides immunity to the telcos when they do so.

Professor Michael Geist

Two years ago, Michael Geist revealed that the telecoms companies were collaborating with the government over C-30:

In the months leading up to the introduction of Bill C-30, Canada’s telecom companies worked actively with government officials to identify key issues and to develop a secret industry-government collaborative forum on lawful access.

That collaboration has probably never stopped. Governments want telcos’ user data; and telcos cannot thrive without government approval. Ergo, telcos will work with governments to provide whatever is required. C-30 would have given the telcos legal support for surrendering customer data.

But even though they didn’t get C-30, it hasn’t stopped the telcos handing over the data. On 30 April 2014, the Canadian Privacy Commissioner published details on telcos’ information disclosure to government authorities. Twelve telcos were asked to respond. Nine did. The figures show that there were almost 1.2 million government requests (on average) per year. The number of accounts that were subject to disclosure by the telcos amounted to 784,756 (but with the added note, “This total only includes three providers as five providers were unable to provide this information”). We can confidently assume that there are more than 1 million government requests for personal information every year, and that in the majority of cases, the telcos provide that information without a judicial requirement and while refusing to tell either the privacy commissioner or the users who was involved or what information was required for what purpose.

C-13 will allow the telcos to hand over data willingly without fear of privacy action from the user. This would include giving almost any customer data to almost any government official without the awkward need for a judicial warrant.

Blacklock’s Reporter, an Ottawa-based website that covers the federal government, reported that, according to lawyers and police, this would allow any clerk at the CRA to hand confidential information to any police officer on a fishing expedition with no paper trail.

Currently, tax information can only be released by a judge. If the Tories pass this clause unamended, it will no longer be judges making that call, but CRA officials, which is scary. (Feds slyly expand power to invade privacy)

C-13 is scary. And so indeed is any government, and that includes almost all of them, that tries to smuggle invidious legislation in an insidious manner.


When I wrote the piece, Is the AV industry in bed with the NSA, I concluded that on balance it probably is. I have no evidence. It’s just that I cannot believe that an organization complicit in developing and deploying its own malware, and able to ‘socially engineer’ RSA into doing its bidding, would leave AV untouched.

Obviously I spoke to people in the industry. In private conversation with one contact, while accepting his own protestations of innocence, I asked, “What about McAfee and Symantec?” He paused; but then said, “If I had to question anyone, those are the two names that would come to mind.”

I should say, again, that I have no evidence. It’s just doubts born out of the repetition of hyped-up statistics, frequently used by government to justify its actions, and what appears to be preferential treatment from government.

A couple of months later, the Dutch digital liberty group Bits of Freedom wrote to the leading AV companies for a formal position. One of the questions it asked was, “Have you ever been approached with a request by a government, requesting that the presence of specific software is not detected, or if detected, not notified to the user of your software?”

My understanding is that some, but not all, AV companies replied, in writing, that they do not collaborate with governments.

F-Secure’s Mikko Hyppönen spoke yesterday at the TrustyCon conference. I wasn’t there, so this is from The Register’s report:

A surprising number of governments are now deploying their own custom malware – and the end result could be chaos for the rest of us, F-Secure’s malware chief Mikko Hyppönen told the TrustyCon conference in San Francisco on Thursday…


Blogs are different to newspapers. You can get away with greater subjectivity in a blog than you can in a newspaper. But newspapers cannot absolve themselves of their responsibility for pure objective fact by calling a particular section a blog.

Anonymous responded with an open letter to the media in general. It accused Gill of being inaccurate in one of her two accusations (that their masks are produced in what she strongly implies is a sweatshop) and hypocritical in another (that Warner Bros benefits from every sale of a mask). On the latter, Anonymous suggests that royalties are a sad fact of life; and wonders how many Telegraph staff support Foxconn by using Apple or Dell, Sony or HP equipment. “Since 2010, at least 17 deaths occurred when employees committed suicide by jumping from the roof of the building. To use a phrase from Martha Gill’s article, these are certainly ‘unpleasant conditions.’”

But in reality, this incident is just a small local battle in a much larger war. Anonymous – and it’s not alone – believes that much of the media has been bought and usurped by government and big business; and supports the agenda of government and big business to the exclusion of truth. It is no coincidence that there is a nationwide (US) march against corporate media planned for next Saturday:

We are planning a march and rally in Washington DC to raise awareness of the privatization, corporatization, and monopolization of the mainstream media and the corruption of our fifth estate. The failure of the corporate networks to adequately cover critical social issues has allowed for the rampant corruption of our political and economic system to go unquestioned and unchallenged. (March against mainstream media)

If you have already thought about this, it cannot be denied. A few (very few) newspapers have kicked back in recent months with the Snowden revelations (notably the Guardian, Washington Post and Der Spiegel); but it’s also noticeable that the Guardian is under threat of prosecution in the UK for doing so.

The New York Times’ editorial board has made a disappointing endorsement of the Trans-Pacific Partnership (TPP), even as the actual text of the agreement remains secret. That raises two distressing possibilities: either in an act of extraordinary subservience, the Times has endorsed an agreement that neither the public nor its editors have the ability to read. Or, in an act of extraordinary cowardice, it has obtained a copy of the secret text and hasn’t yet fulfilled its duty to the public interest to publish it.

TPP is the successor to ACTA. ACTA was defeated by European activism. It is dead. TPP allows the same provisions to be established everywhere else without European involvement. Once this is achieved, the new discussions on an EU/US trade agreement will be dragged into the same agreements – it will be inevitable.

But where is the mainstream media’s concern over either? In defeating ACTA, the people made it very clear that they do not want ACTA – more specifically the internet-controlling, copyright-enforcing aspects of it. To understand the great Battle of ACTA, read Monica Horten’s new book, A Copyright Masquerade.

Rather than accept the will of the people, big business and government withdrew, regrouped, renamed and returned from a different direction, calling it TPP and being equally if not more secretive.

The problem is that the mainstream media is not on the side of its readers, but on the side of its owners.

Quite simply, the majority of US news outlets are owned by the same media companies that are lobbying in favour of trade agreements that will take over control of what appears on the internet, who can see what, and who goes where. Quite frankly, we can no longer believe what we read in the press any more than we can believe what government tells us.


If you are suffering from ‘shock fatigue’ (and who isn’t?) over the never-ending revelations on the extent and degree of NSA surveillance on all of us, then I can do no better than recommend you view NSA Files: Decoded – What the revelations mean for you. It is a single document that provides an overview of what we’ve learnt so far, and is interspersed throughout with brief videos on viewpoints from both sides of the fence.

If you are American, then you should be proud of the public debate that these revelations have prompted. If you are British, you should be worried about the lack of any public debate at all.

Britain’s spy agency GCHQ has secretly gained access to the network of cables which carry the world’s phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency (NSA)…

“It’s not just a US problem. The UK has a huge dog in this fight,” Snowden told the Guardian. “They [GCHQ] are worse than the US.” (Guardian, Friday 21 June 2013)

But where is the public debate in the UK? It doesn’t exist.

To understand why, you have to consider the nature of the two countries. America was founded on a distrust of government (ironically, specifically the British government). Protection against government authority is built into the American Constitution. And to this day, Americans instinctively distrust big government.

Britain is different. Its democracy has grown slowly and peacefully over a thousand years. Brits instinctively believe that their government is good; Brits instinctively trust big government.

The result of Snowden’s revelations is that both governments are trying to justify their surveillance practices; but while the American government is on the defensive, the British government is decidedly offensive.

Meanwhile, in Britain, prime minister David Cameron accused the Guardian of damaging national security by publishing the revelations, warning that if it did not “demonstrate some social responsibility it would be very difficult for government to stand back and not to act”. (NSA Files: Decoded)

Meanwhile, in Britain, government agents forced the physical destruction of the Guardian disks containing Snowden files:

Meanwhile, in Britain, an emergency debate in Parliament did not discuss GCHQ overreach, but instead discussed the Guardian’s support for terrorists:

This debate, however, focuses on a narrower and darker issue: the responsibility of the editors of The Guardian for stepping beyond any reasonable definition of journalism into copying, trafficking and distributing files on British intelligence and GCHQ. That information not only endangers our national security but may identify personnel currently working in our intelligence services, risking their lives and those of their families. (Parliamentary debate: National Security (The Guardian))

Incidentally, Paul Flynn (a Labour MP) attempted a ‘point of order’:

On a point of order, Mr Caton. You are the guardian of the reputation of this debate, and so far it has demeaned Parliament’s reputation, because we have had two speeches that were written and read with no attempt to engage us in debate. This is McCarthyite scaremongering that disgraces Parliament.

Meanwhile, in Britain, the government’s pet poodle paper (The Daily Mail, if you hadn’t guessed) attacked the Guardian:

Stupendous arrogance: By risking lives, I say again, the Guardian is floundering far out of its depth in realms where no newspaper should venture… (Stephen Glover, 9 October 2013)

Put quite simply, the British government has very successfully managed to turn attention away from its surveillance programmes and against, instead, the newspaper that exposed it. The message is irrelevant, it suggests — it is the messenger that should be shot.

It is time, I suggest, for the British people to understand that its government cares not a jot for the British people, nor for democracy, nor freedom, nor liberty. It cares more for secrecy; and demands to be left alone to carry on unchecked. It is time for Brits to learn to distrust their government.


To find the criminal, you must follow the money. To find the collaborator, you should follow the favours.

Now, if this principle holds true, we’ve got a good game to play – finding which security firms collaborate with government agencies by looking at which companies ingratiate themselves most, and which companies receive the most government favours.

Premise
Remember, this is a game. The rules are similar to those used by law enforcement agencies in their own game called Find the Terrorist: one red flag if the suspect denounces the invasion of a foreign land; two red flags if he or she accuses the government of lying or expresses sympathy with Anonymous; three red flags if a Moslem country is visited and so on. Six red flags and you’ve found a terrorist.

Rules
In our game, the following are worth one red flag:

production of absurd statistics that support government policy (such as the cybercrime cost figures generated by McAfee and BAE Systems Detica)

continuing success against all natural market forces (such as Microsoft Office, when there are better free products such as Open Office and Google Docs)

purchase of key personal data companies that are outside of core business (such as EMC buying RSA, and Microsoft buying Skype)

existing accusations of collaboration (such as BT over Tempora, and backdoors in Windows)

directly accusing foreign governments of involvement in specific cybercrimes when in reality there can be no objective proof (such as Mandiant’s famous accusations against Comment Crew, and various firms’ terminology that implies that ‘hackers in China’ really means ‘Chinese government hackers’).

The following are worth two red flags:

preferential treatment that does not make economic sense (such as government insistence that costly products – eg MS Office – are used in government departments, schools and examinations – in preference to free products like Open Office)

sudden increase in direct government-inspired attacks against the major competition (such as those against Google – so who is Google’s primary competition? Note, this doesn’t mean that Google is innocent.)

The following are worth three red flags:

direct government ‘approval’ (such as the elevation of Mandiant, Detica, Cassidian, and Context to CESG’s Cyber Response Scheme)

active support for proposals that will make government surveillance more simple, such as support for the Communications Bill in the UK, or the Trusted Computing Platform anywhere.

Game weaknesses
There aren’t any…

Game strengths
…because you can’t lose. All security firms collaborate with government to one degree or another. If they don’t do it willingly, they do so under coercion; and if they don’t do it yet, it’s because they haven’t been told to, yet. But they do or will do it. The only way for a company to avoid collaborating with government is to shut down – like Lavabit.


When the UK government talks about ‘transparency’, it means being transparent with our data, not government behaviour. Transparency doesn’t mean telling the people what the government is doing, or providing proof to justify its actions – it means selling the personal information of ordinary people to the highest bidder.

And when it doesn’t have enough personal data it furtively sets about getting more. Like secretly collecting the private communications of everyone. Like planning a national DNA/ID database hidden within the National Health Service.

A year ago, the government asked “Stephan Shakespeare, Chair of the Data Strategy Board and CEO of YouGov, to look at our progress so far on opening up public data and set out his assessment of how the Government should best use PSI [public sector information] to support economic growth… Stephan consulted with leading industry experts, businesses and academics in the field as well as undertaking a comprehensive market assessment of PSI.”

But he didn’t talk to you and he didn’t talk to me. And ‘public sector information’ is our information not his, and not the government’s.

Here’s a flavour from Shakespeare’s report:

In our consultations, business has made clear that it is unwilling to invest in this field until there is more predictability in terms of supply of data. Therefore without greater clarity and commitment from government, we will fail to realise the growth opportunities from PSI.

It is important to note for such a strategy that the biggest prize is freeing the value of health, education, economic and public administrative data.

Quite clearly, without any consultation with the people, the government is being urged to be transparent with business on exactly what it is willing to sell; and that the most valuable data is our personal health records, our educational records, our economic status, and other information held about us by the local authority.

And the government’s response to this? One word:

Accept.

This is government transparency – selling our privacy to the highest bidder. Are we really happy to just let this happen?


For most of my life I have been opposed to proportional representation. I had been swayed by my politics tutor as a student: PR leads to weak governments and the people need a strong government.

That may have been true in the past. It is not true today. Years ago, politicians were basically good. Today, politicians are basically bad. The art of lobbying has become an efficient science; and vocational politicians have been replaced by money-worshipping, expenses-fiddling, favour-selling careerists.

It is possible to get very rich through a career in politics, but only if you achieve high office. Backbenchers are poorly paid. The higher the office, the greater the rewards – so all backbenchers aspire to ministerial positions. This is basically achieved by brown-nosing the PM and Cabinet; and the PM to stay in the Cabinet.

The result is inescapable: we do not have government by Parliament, nor even government by Cabinet: we have government by the Prime Minister. And this is precisely where and why we do not need a strong government. A strong government simply means that the Prime Minister is free and able to do whatever he wishes.

Democracy now needs a weak government. But the first past the post electoral system used in the UK makes it very difficult for any more than two parties to gain the number of parliamentary seats that reflects the number of national votes – and almost impossible for fourth and fifth and sixth parties to get any seats at all.

Normally we get a left-of-centre Labour government or a right-of-centre Conservative government with very little difference between the two and no chance of new ideas like environmental protection (Greens) or European secession (UKIP) or internet freedom (Pirate Party) being seriously heard.

Instead we get the whim of the PM steam-rollering the wishes of the lobbyists through the Conservabour party. A case in point is the Communications Data Bill – a bill that is wanted by the copyright holders and the intelligence agencies but just about nobody else.

The current government is a coalition; but only just. That coalition has forced the prime minister to think again about the Bill (he still wants it, and he’ll still get it, of course). But that is precisely why we need multi-party coalition governments – to stop the steamroller and make the prime minister horse trade over his (or her) more ridiculous and draconian wishes.

The irony is that weak governments make for strong democracy – and we’ll only get that in the UK with proportional representation.